1. Information We Collect
1.1 Information You Provide Directly
When you interact with our website, consultation forms, or client portal, we may collect the following categories of personal information:
- Contact Information: Full name, email address, phone number
- Business Information: Company name, job title, industry, company size
- Account Credentials: Information used to create and manage your client portal account (managed through Clerk authentication)
- Consultation Form Submissions: Project descriptions, service inquiries, and any details you voluntarily provide
- File Uploads: Documents, images, or other files you submit through our consultation forms or client portal
- Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store full credit card numbers on our servers)
- Communications: Emails, messages, and other correspondence you send to us
1.2 Information Collected Automatically
When you visit our website, certain information is collected automatically through cookies and similar technologies:
- Device and Browser Information: IP address, browser type and version, operating system, device type
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths
- Analytics Data: Aggregated behavioral data collected through Google Analytics 4 (GA4), including session duration, page views, bounce rate, and user demographics
- Authentication Data: Login timestamps, session tokens, and authentication events processed by Clerk
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, manage, and improve our consulting services
- Account Management: To create and maintain your client portal account, authenticate your identity, and manage access permissions
- Communication: To respond to inquiries, send project updates, deliver invoices, and provide service-related notifications via email (sent through Resend/Amazon SES)
- Payment Processing: To process payments, issue refunds, and manage billing through Stripe
- Analytics and Improvement: To analyze website usage patterns through Google Analytics 4, improve our website experience, and optimize our services
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Security: To detect, prevent, and address fraud, unauthorized access, and other security issues
3. Third-Party Service Providers
We work with trusted third-party service providers who process personal information on our behalf. Each provider is contractually obligated to protect your data and use it only for the purposes we specify.
| Provider | Purpose | Data Processed |
|---|---|---|
| Clerk | Authentication & user management | Name, email, login credentials, session data |
| Stripe | Payment processing | Billing info, payment method, transaction history |
| Resend / Amazon SES | Email delivery | Email address, name, email content |
| Google Analytics (GA4) | Website analytics | IP address (anonymized), usage data, device info |
Links to each provider's privacy policy: Clerk, Stripe, Resend, Google.
4. Cookies and Tracking Technologies
4.1 Types of Cookies We Use
- Essential Cookies: Required for the website and client portal to function properly, including authentication session cookies set by Clerk
- Analytics Cookies: Used by Google Analytics 4 to collect aggregated usage data and help us understand how visitors interact with our website
- Functional Cookies: Used to remember your preferences and settings across sessions
4.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may prevent you from using certain features of our website, including the client portal. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
- Account Data: Retained for the duration of your active account and for up to 12 months after account closure
- Consultation Form Submissions and File Uploads: Retained for the duration of the consulting engagement and for up to 24 months thereafter
- Payment Records: Retained for up to 7 years as required for tax and financial compliance
- Analytics Data: Retained in accordance with Google Analytics' data retention settings (default: 14 months)
- Email Communications: Retained for up to 36 months after the last interaction
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Secure authentication through Clerk with support for multi-factor authentication
- PCI-DSS compliant payment processing through Stripe
- Regular security assessments and updates
- Access controls limiting who can view personal data
While we take reasonable precautions to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete personal information
- Deletion: Request that we delete your personal information, subject to legal retention requirements
- Portability: Request a copy of your data in a structured, machine-readable format
- Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the link provided in each email
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
To exercise any of these rights, please contact us using the information provided in Section 11 below.
8. State-Specific Privacy Rights
8.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your information, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination for exercising your rights. We do not sell your personal information.
8.2 Georgia Residents
As a business based in Atlanta, Georgia, we comply with all applicable Georgia state privacy regulations. While Georgia does not currently have a comprehensive consumer privacy law equivalent to the CCPA, we extend the same rights and protections described in this policy to all users regardless of location.
8.3 Other U.S. State Privacy Laws
We are committed to complying with applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with consumer privacy legislation. If you are a resident of a state with specific privacy rights, please contact us to exercise those rights.
9. Children's Privacy
Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can delete that information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or through a notice on our website.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Malcolm J. Henry Consulting
Atlanta, Georgia
Email: consulting@malcolmjhenry.com
Website: malcolmjhenry.com